The Friday Tech Takeaway - 03.11.17

Twitter employee 'deactivated' Trump account on last day: US president Donald Trump’s Twitter account disappeared for 11 minutes yesterday, in a final act of farewell by an employee leaving the company. In response Donald Trump has said that ‘the word’ must finally be getting out and having an impact. Speculation is rife as to what that word might be, with none of the suggestions suitable to publish here. http://www.bbc.co.uk/news/world-us-canada-41854482

59% of employees hit by ransomware at work paid out of their own pockets: A survey of more than 1,000 office workers carried out by business cloud services provider Intermedia has revealed that 59% of employees who had their computer hit by ransomware paid the ransom demand out of their own pockets. https://www.intermedia.net/report/datavulnerability2017

Hackers using default SSH creds to take over Ethereum mining equipment: A threat actor is mass-scanning the Internet for Ethereum mining equipment running ethOS that is still using the operating system's default SSH credentials. https://goo.gl/WpkDAh

Undetectable ATM shimmers used to steal chip based cards worldwide: As crooks continue to use skimmers in payment card fraud, these devices are becoming even more sophisticated. The number of cyber-attacks against ATMs involving so-called ‘insert skimmers’ is increasing. Insert skimmers are wafer-thin fraud devices designed to fit invisibly inside the ATM card slot. https://goo.gl/yRfYDY

WordPress releases version 4.8.3 to address serious SQL injection vulnerability: WordPress developers fixed a serious SQL injection vulnerability that was reported by the researcher Anthony Ferrara, VP of engineering at Lingo Live. The issue was addressed on Tuesday with the release of version 4.8.3. The vulnerability can be exploited via WordPress plugins and themes; an attacker can take over vulnerable websites through an SQL injection attack. https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html

FireEye releases GoCrack, a free managed password cracking tool: FireEye has released a managed password cracking tool, dubbed GoCrack, that is able to execute tasks across multiple GPU servers. GoCrack is an open source tool developed by FireEye’s Innovation and Custom Engineering (ICE) team that implements an easy-to-use, web-based real-time UI to create, view, and manage password cracking tasks. https://goo.gl/b7chFC

Highly critical flaw (CVSS Score 10) lets hackers hijack Oracle Identity Manager: A highly critical vulnerability has been discovered in Oracle's enterprise identity management system that can be easily exploited by remote, unauthenticated attackers to take full control of affected systems. https://goo.gl/GMptEu

New VibWrite system uses finger vibrations to authenticate users: Rutgers engineers have created a new type of user authentication system that relies on transmitting vibrations through a surface and having the user touch the surface to generate a unique signature. This signature is then used to approve or deny a user access to an app, room or building. https://goo.gl/eyHYfL

Investigation underway at Heathrow after USB containing sensitive documents found on pavement: An unnamed man, on his way to the library, spotted a thumb drive on the sidewalk in Queen’s Park, West London. He pocketed the USB drive and continued on his way. A few days later he returned to the library to view its contents. Recognizing the sensitive nature of the information, he then turned the USB drive over to The Sunday Mirror. https://goo.gl/rWs1he